DeFi Protocol Fortress Has Been Hacked

2022-06-16, 04:27

How was Fortress Hacked?

Fortress Protocol is a product of Fortress Investment Group.

In the 13 years after its establishment, Fortress Investment Group recorded tremendous success and garnered about $45.5 billion in alternative assets, private equity, credit funds, and liquid hedge funds.

Fortress Lending and Loans is a prominent subsidiary of Fortress Investment Group.

Fortress Lending and Loans is a DeFi protocol built to bring secure and trustless credit alongside lending to its patrons on Binance Smart Chain.

Investors can borrow and lend cryptocurrencies using the token for Fortress, FTS.

The ticker for the Fortress Lending token in the stock market is FTS.

The hack of the Fortress protocol led to the loss of about $3 million worth of cryptocurrency.

The lost cryptocurrencies include $2,979,724 million, 400,000 DAI stablecoin tokens worth $2.98 million, and 1,048.1 Ethereum tokens worth $2.58 million.

Fortress Protocol has since disabled the supply and borrow features on the Fortress Loan App.

Blockchain applications and protocols are built with advanced security features. There are quite a number of reasons for these advanced security features and smart firewalls.

The security architecture is often built so strongly to prevent unauthorized access. When hackers try to bypass these security protocols, they get barred.

In some cases, when there is a suspicious movement on a blockchain wallet or Decentralized Finance (DeFi) protocol, the wallet automatically gets locked until the original owner provides vital details of the account.

With all these measures and mechanisms in place, hackers and unauthorized persons still have their way into these DeFi protocols. The question now is, "how is it possible?"

Not to worry, this article will give the details of a DeFi protocol hack and the attack that Fortress recently suffered.

Let's begin!


Fortress As A Decentralized Finance Protocol



Fortress Investment Group started as a Private Equity firm in 1998 and later became an investment management firm.

Fortress was founded by Wes Edens, Rob Kauffman, and Randal Nardone and is based in New York City.

In February 2007, Fortress launched on the New York Stock Exchange (NYSE) and became the first large private equity firm traded in the United States.

By June 2020, Fortress had become the manager of about $45.5 billion in alternative assets, private equity, credit funds, and liquid hedge funds.

The popular subsidiary of Fortress Investment Group is Fortress Lending and Loans, which is deployed on the Ethereum blockchain.

Fortress is a lending-type DeFi protocol built to bring secure and trustless credit alongside lending to its patrons on the Binance Smart Chain.

Fortress Lending is a synthetic stablecoin protocol and an algorithmic money market. The ticker for the Fortress Lending token in the stock market is FTS.

Fortress Protocol allows investors to borrow and lend cryptocurrencies. Before you are eligible to borrow or lend a cryptocurrency, you must pledge an over-collateralized amount of cryptocurrency to the platform.

If you choose to supply liquidity to Fortress, you earn compounded interest as a reward for providing assets to the protocol. If you are supplying assets, you are also eligible to mint stablecoins or borrow other digital assets against your supplied assets.


How Fortress Protocol Was Hacked



Fortress Protocol was thrown into a frenzy when it discovered that about $3 million worth of cryptocurrency had been stolen from its platform.

According to CertiK, a foremost blockchain security company, the attack led to losing $2,979,724 million, 400,000 DAI stablecoin tokens worth $2.98 million, and 1,048.1 Ethereum tokens worth $2.58 million.

The digital assets were stolen through an assault on the third-party infrastructure backed by oracle price manipulation. According to BlockSec, the hackers were able to change the price of the Fortress token (FTS) and used a large purchase of this token to make vital adjustments.

A tweet by Fortress announced that all the stolen funds were transferred from Binance Smart Chain to Ethereum and subsequently mixed using the privacy protocol Tornado Cash.

The Ethereum blockchain governs the Fortress protocol. The attackers had to use the Ethereum token to buy a significant number of FTS governance tokens.

The attack is widely believed to be an oracle manipulation attack, and it drained all funds in the Fortress Protocol. The stolen funds were immediately deposited into Tornado, a cryptocurrency mixing service, which makes the stolen assets tough to track or trace.

In an attempt to unravel the mystery behind the attack and how such a vast amount of assets could be wiped out at a go, blockchain experts drew their conclusions. One of the widely accepted conclusions is the submission of PeckShield and BlockSec.

Both blockchain security companies said that the oracle used by Fortress lacks power validation and is easy to hack or bypass. Both PeckShield and BlockSec strongly believed that the lack of power verification made it easy for the hacker(s) to change the price of FTS and use a significant coin purchase to make changes.
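A minimal model of the missing check described above, added here as an illustration; it is not code from Fortress or its oracle provider. It assumes "power" means the voting weight of the validators who sign a price report. The validator set, the 2/3 quorum, the HMAC stand-in for signatures and all function names are hypothetical.

```python
import hashlib
import hmac

# Constructed validator set: id -> (secret key, voting power). Illustrative only.
VALIDATORS = {"val-a": (b"key-a", 40), "val-b": (b"key-b", 35), "val-c": (b"key-c", 25)}
TOTAL_POWER = sum(power for _, power in VALIDATORS.values())
QUORUM_NUM, QUORUM_DEN = 2, 3  # assumed rule: signed power must exceed 2/3 of total


def sign(key, price):
    """Stand-in for a validator signature over a price report (HMAC, not ECDSA)."""
    return hmac.new(key, f"FTS:{price}".encode(), hashlib.sha256).hexdigest()


def signed_power(price, signatures):
    """Sum the power of distinct, known validators whose signature verifies."""
    seen, power = set(), 0
    for vid, sig in signatures:
        if vid in seen or vid not in VALIDATORS:
            continue  # duplicates and unknown signers add no power
        key, weight = VALIDATORS[vid]
        if hmac.compare_digest(sig, sign(key, price)):
            seen.add(vid)
            power += weight
    return power


class Oracle:
    def __init__(self, price):
        self.price = price

    def submit_unchecked(self, price, signatures):
        """Weak form: the price is stored without any check on signer power."""
        self.price = price
        return True

    def submit_checked(self, price, signatures):
        """Hardened form: reject unless verified power exceeds the quorum."""
        if signed_power(price, signatures) * QUORUM_DEN <= TOTAL_POWER * QUORUM_NUM:
            return False
        self.price = price
        return True


def borrow_limit(oracle, tokens, collateral_pct=50):
    """Borrowing capacity a lending market derives from the oracle price."""
    return oracle.price * tokens * collateral_pct // 100
```

With the unchecked path, a report carrying no signatures at all moves the price and multiplies the borrowing capacity of any FTS collateral; the checked path leaves the price unchanged unless validators holding more than two thirds of the power signed that exact value.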

Fortress Protocol sent out a statement notifying its users that it has disabled the supply and borrow features on the Fortress Loan App in response to the attack. The features remain disabled until further notice.

According to the Jetfuel Finance multi-chain ecosystem, the associate developer of Fortress, all existing smart contracts are still fully operational.


Conclusion



The incessant attacks on Decentralized Finance (DeFi) protocols are alarming, and a lot of investors are losing their investments to these attacks.

PeckShield reported that about $1.55 billion worth of digital assets were stolen in 2021. As of May 2022, the amount of stolen cryptocurrency in DeFi protocols has reached $1.57 billion.

In April 2022, Inverse, another DeFi protocol, lost about $15 million to a similar price oracle manipulation scam. The attacks keep occurring, in either a different or a similar pattern.

The questions now are: which DeFi protocol is next, and how are blockchain developers tackling these continuous attacks?






Author: Valentine. A, Gate.io Researcher

This article represents only the researcher's views and does not constitute any investment suggestions.

Gate.io reserves all rights to this article. Reposting of the article will be permitted provided Gate.io is referenced. In all cases, legal action will be taken due to copyright infringement.